Outlook and TLSv.1
Oliver Welter
mail at oliwel.de
Tue Jan 20 07:14:39 UTC 2015
Hi All,
Am 19.01.2015 um 22:55 schrieb Darren Pilgrim:
> On 1/18/2015 12:45 AM, Robert Schetterer wrote:
>> Am 16.01.2015 um 12:24 schrieb Oliver Welter:
>>> Hi Folks,
>>>
>>> after adding TLSv1.2 to by TLS options a lot of Outlook users complaint
>>> about connection errors, openssl s_client and Thunderbird works fine.
>>>
>>> I found some posts about this but none of them had a real solution on
>>> this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
>>>
>>> I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
>>>
>>> ssl_cert = </var/qmail/control/servercert.pem
>>> ssl_cipher_list = ALL:!EXPORT:!LOW:!MEDIUM:!aNULL:+RC4:@STRENGTH
>>> ssl_dh_parameters_length = 2048
>>> ssl_key = </var/qmail/control/servercert.pem
>>> ssl_protocols = !SSLv2 !TLSv1.2
>>>
>>> The certificate is from Comodo using sha256.
>>>
I was not able to track it down exactly but it looks like the problem
was a sha1 signed certificate in the chain. After exchanging that with
the matching 384bit one, the problems are gone.
Oliver
--
Protect your environment - close windows and adopt a penguin!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4074 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150120/ef2be7eb/attachment.p7s>
More information about the dovecot
mailing list